schpw.c in the kpasswd service in kadmind in MIT Kerberos 5
(aka krb5) before 1.11.3 does not properly validate UDP packets
before sending responses, which allows remote attackers to cause
a denial of service (CPU and bandwidth consumption) via a forged
packet that triggers a communication loop, as demonstrated by
krb_pingpong.nasl, a related issue to CVE-1999-0103.
[CVE-2002-2443].

An unauthenticated remote attacker could alter a SAM-2 challenge,
affecting the prompt text seen by the user or the kind of response
sent to the KDC. Under some circumstances, this can negate the
incremental security benefit of using a single-use authentication
mechanism token.

An unauthenticated remote attacker has a 1/256 chance of forging
KRB-SAFE messages in an application protocol if the targeted
pre-existing session uses an RC4 session key. Few application
protocols use KRB-SAFE messages.

An unauthenticated remote attacker could alter a SAM-2 challenge,
affecting the prompt text seen by the user or the kind of response
sent to the KDC. Under some circumstances, this can negate the
incremental security benefit of using a single-use authentication
mechanism token.

An unauthenticated remote attacker has a 1/256 chance of forging
KRB-SAFE messages in an application protocol if the targeted
pre-existing session uses an RC4 session key. Few application
protocols use KRB-SAFE messages.